[PLUG] What Is Sending Email?

Michael Barnes barnmichael at gmail.com
Thu Mar 18 23:53:04 UTC 2021


As part of my new gig, I inherited an email server. It is an Intel NUC
running Linux. I have almost no information on it, other than its login
info. Looking at various logs, I find a folder /var/log/Exim4 with mail
logs in it. It has a series of log files titled mainlog with owner of
Debian-exim and group of adm.

In looking at the log, it has an entry every morning at 0625 that seems to
be sending an email to an unknown person. I have obscured the identity data.

2021-03-18 06:25:02 1lMse6-0001wL-1W <= root at mailx.mydomain.com U=root P=local S=707
2021-03-18 06:25:06 1lMse6-0001wL-1W => someone at somewhere.org <root at mailx.mydomain.com> R=dnslookup T=remote_smtp H=in1-smtp.messagingengine.com [66.111.4.73] X=TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes DN="C=AU,ST=Victoria,L=Melbourne,O=FastMail Pty Ltd,CN=*.messagingengine.com" K C="250 2.0.0 Queued as 89A962AC350"
2021-03-18 06:25:06 1lMse6-0001wL-1W Completed

Any ideas on exactly what is happening here? I certainly don't want this
thing sending someone emails every day that I do not know about.

Thanks,
Michael
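
Added example, not part of the original post: a small Python parser for Exim mainlog lines of the kind quoted above. It pairs each arrival (`<=`) with its deliveries (`=>`) and reports messages that were submitted on the box itself (`P=local`, with the submitting account in `U=`) and then handed to an outside host over `remote_smtp`. The sample log is constructed, with example.com names and documentation IP addresses as placeholders, and uses `@` as a live log would (the archive shows it as " at ").

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog format (not real traffic); the first
# message mirrors the shape of the entry quoted in the post.
SAMPLE_LOG = """\
2021-03-18 06:25:02 1lMse6-0001wL-1W <= root@mailx.example.com U=root P=local S=707
2021-03-18 06:25:06 1lMse6-0001wL-1W => someone@somewhere.example <root@mailx.example.com> R=dnslookup T=remote_smtp H=mx.somewhere.example [192.0.2.25] C="250 2.0.0 Queued"
2021-03-18 06:25:06 1lMse6-0001wL-1W Completed
2021-03-18 09:10:11 1lMvAb-0002Xy-7Q <= alice@other.example H=mail.other.example [198.51.100.7] P=esmtps S=2210
2021-03-18 09:10:12 1lMvAb-0002Xy-7Q => bob <bob@mailx.example.com> R=local_user T=mail_spool
2021-03-18 09:10:12 1lMvAb-0002Xy-7Q Completed
"""

# timestamp, message id, flow flag (<= arrival, => / -> delivery), address, rest
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"([0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+) (<=|=>|->) (\S+)(.*)$")
# KEY=value or KEY="quoted value" fields such as U=, P=, T=, H=, DN=
FIELD_RE = re.compile(r'\b([A-Z]{1,2})=("[^"]*"|\S+)')

def local_to_remote(log_text):
    """Return messages submitted locally (P=local) and delivered via remote_smtp."""
    msgs = defaultdict(lambda: {"deliveries": []})
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # "Completed" and other lines carry no flow flag
        ts, msg_id, flag, addr, rest = match.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        if flag == "<=":
            msgs[msg_id].update(time=ts, sender=addr,
                                user=fields.get("U"), proto=fields.get("P"))
        else:
            msgs[msg_id]["deliveries"].append(
                (addr, fields.get("T"), fields.get("H")))
    findings = []
    for msg_id, info in msgs.items():
        remote = [d for d in info["deliveries"] if d[1] == "remote_smtp"]
        if info.get("proto") == "local" and remote:
            findings.append({"id": msg_id, "time": info["time"],
                             "user": info["user"], "sender": info["sender"],
                             "remote": remote})
    return findings

if __name__ == "__main__":
    for f in local_to_remote(SAMPLE_LOG):
        print(f["time"], f["id"], "submitted by", f["user"], "->", f["remote"])
```

Run against the real mainlog files, the `U=` value and the recurring timestamp narrow down which local account and which scheduled job generate the message.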


